Privacy Policy

What we collect

Tiniary collects account identifiers, baby profile details you enter (name, birth date, and premature-week adjustment), activity responses, notes, subscription status, device diagnostics, and product analytics. Tiniary does not collect photos, voice recordings, or any biometric data. Legal bases include contract performance, consent where required, legitimate interests in security and improvement, and legal obligations.

Who processes your data

Named processors: Supabase for authentication and database hosting, RevenueCat for subscription entitlement management, Apple App Store and Google Play for payments, PostHog for analytics, Sentry for crash reporting, and Expo/EAS for app build and notification infrastructure. These processors act only on Tiniary's behalf to run the service. Tiniary does not sell your or your child's data, does not share it for advertising, does not use it for targeted or behavioral advertising, and does not provide it to other businesses for their own marketing or purposes. Payment card data is handled by app-store processors and is not stored by Tiniary.

Your rights and retention

You may request access, deletion, export, correction, restriction, or opt-out where applicable under GDPR and CCPA. Data is retained while your account is active, then deleted or anonymized within a reasonable operational period unless law requires longer retention. Data may be processed internationally with contractual safeguards. Tiniary is not directed to children as account holders.

Children's privacy

Adults create and control Tiniary accounts and confirm at sign-up that they are the child's parent or legal guardian. Baby names, birth dates, premature-week adjustments, activity responses, and notes are entered by the adult account holder and are used to provide age-adjusted activity selection, timelines, and recaps. Tiniary does not collect photos, voice recordings, or biometric data, and performs no facial or voice recognition. We do not knowingly allow children to create accounts.

Security

Security measures include Supabase row-level security, authenticated access controls, bounded notes, and processor-hosted payment flows. Cookies or mobile identifiers may be used for authentication, analytics, crash diagnostics, subscriptions, and notification delivery. You can contact noumenon.aii@gmail.com to exercise privacy rights.